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DETAILED ACTION 

1. This action is in response to the communication filed on May 09, 2005. Claim 8 
has been amended. No new Claims have been added. Claims 1 - 37 are pending. 

Response to Remarks/Arguments 

Claim Objections 

2. Correction to Claim 8 noted and objection is hereby withdrawn. 

3. Applicant's remarks/arguments filed on May 09, 2005, with respect to amended 
Claims 1, 8, 15, 23 and 26, have been fully considered but they are not persuasive. 

Referring to the previous Office action, Examiner had cited relevant portions of 
the references as a means to illustrate the system as taught by the prior art. As a 
means of providing further clarification as to what is taught by the references used in the 
first office action, Examiner has expanded the teachings for comprehensibility while 
maintaining the same grounds of rejection of the claims. 

Baker (U.S. Patent Number 5,948,080), teaches a method and a system for 
assigning a data packet to a data communication channel that includes the step of 
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receiving at least a portion of a data packet in a data packet comparison circuit. The 
method and system compare at least the portion of the data packet to a predetermined 
matched data set. The portion of the data packet and the matched data set include 
programmably varying data fields that correspond to at least one data communications 
or DMA channel. Furthermore, Baker provides a way to designate that several types of 
data packets that correspond to several matched data sets should go to a single data 
communications or DMA channel. 

Krishna (U.S. Patent Number 6,477,646), teaches a cryptography accelerator 
chip that enables cell-based processing of random-length IP packets, where an IPSec 
processing chip having a 3DES-CBC and MD5/SHA1 processing blocks. The 
processing of the cells is pipelined and the sequencing is controlled by a programmable 
microcontroller. Furthermore, Krishna teaches that Diffie-Hellman or RSA and DSA 
public key processing blocks may be added as well. 

4. Regarding amended independent Claims 1,8, 15, 23 and 26, Applicant agrees 
that Baker discloses a data packet comparison circuit that receives a portion of a data 
packet, compares the received data packet portion to a predetermined matched set that 
corresponds to a DMA channel and Krishna teaches a cryptography accelerator 
architecture for implementing the IPSec standard but, argues that Baker and Krishna do 
not teach "an input DMA engine retrieving portions of the streamed security data packet 
from the external memory", "receiving at a context RAM, a security association 
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database (SAD) entry associated with the selected channel, the SAD entry being 
retrieved from the external memory by the input DMA engine; verifying header 
information of the IPSec security protocol packet; reading a security association 
database (SAD) entry into the first local buffer; processing the IPSec security protocol 
packet based on information in the SAD entry; storing the processed IPSec security 
protocol packet in an external memory; prepending control information to the IP data 
packet and processing the IP data packet by performing a cryptographic operation on 
the IP data packet to generate a security protocol data packet. These arguments are not 
persuasive. 

Baker and Krishna, in combination teaches, "an input DMA engine retrieving 
portions of the streamed security data packet from the external memory (Baker Column 
5 lines 14 - 54 and Column 10 lines 36 - 63 and Krishna Column 4 line 34 - Column 6 
line 56)", "receiving at a context RAM, a security association database (SAD) entry 
associated with the selected channel, the SAD entry being retrieved from the external 
memory by the input DMA engine (Baker Column 8 line 11 - Column 9 line 15 and 
Column 17 lines 1 1 - 35 and Krishna Column 4 line 34 - Column 6 line 56); verifying 
header information of the IPSec security protocol packet; reading a security association 
database (SAD) entry into the first local buffer (Baker Column 5 lines 14-54 and 
Column 1 0 lines 36 - 63 and Krishna Column 4 line 34 - Column 6 line 56); processing 
the IPSec security protocol packet based on information in the SAD entry(Krishna 
Column 4 line 34 - Column 6 line 56); storing the processed IPSec security protocol 
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packet in an external memory (Baker Column 20 line 24 - 67); prepending control 
information to the IP data packet and processing the IP data packet by performing a 
cryptographic operation on the IP data packet to generate a security protocol data 
packet (Baker Column 5 lines 14-54 and Column 10 lines 36-63 and Krishna 
Column 4 line 34 - Column 6 line 56). 

Packet processing were well known in the art at the time the invention was made, 
and its implementation, such as detailed by Baker, in conjunction with the teachings of 
Krishna would have been obvious to one of ordinary skill in the art at the time the 
invention was made because if IPSec is processed as taught by Krishna were to be 
removed, a cryptographic DMA would be needed in order to process the IPSec packets. 
The addition of such DMA would add and improve the accelerated processing of IP 
security packets. Therefore it would have been obvious to one of ordinary skill in the art 
to combine the teachings of Krishna and Baker to add flexibility to process IPSec 
packets through DMA to improve the speed of processing. 

Applicant's argues that Krishna explicitly teaches that the architecture does not 
require external memory. Applicant is right, however, the Examiner did not use Krishna 
to reject "an architecture requiring external memory". Examiner combines Krishna to 
Baker to disclose architecture for a cryptography accelerator that allows significant 
performance improvements IPSec processing wherein packets are received. 
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Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the examiner. 

In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, Baker discloses 
a method and a system for assigning a data packet to a data communication channel 
that includes the step of receiving at least a portion of a data packet in a data packet 
comparison circuit and Krishna teaches a cryptography accelerator chip that enables 
cell-based processing of random-length IP packets, where an IPSec processing chip 
having a 3DES-CBC and MD5/SHA1 processing blocks, as mentioned in the 
outstanding rejection (12/15/2004). 
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5. Applicant clearly has failed to explicitly identify specific claim limitations, which 
would define a patentable distinction over prior arts. Therefore, the examiner 
respectfully asserts that cited prior art does teach or suggest the subject matter broadly 
recited in independent amended Claims 1, 8, 15, 23 and 26. Dependent claims 2 - 7, 9 
-14, 16-22 and 27 - 37 are also rejected at least by virtue of their dependency on 
independent claims and by other reason set forth in this office action. 

Accordingly, the rejection for the pending Claims 1 - 37 is respectfully 
maintained. 

Claim Rejections - 35 (JSC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1- 37 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Baker (U.S. Patent Number 5,948,080, hereinafter "Baker) in view of Krishna et al. 
(U.S. Patent Number 6,477,646, hereinafter "Krishna"). 

Regarding Claim 1 , Baker discloses a security data packet processing system 
comprising: 
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a transmitting (Tx) direct memory access (DMA) interface (314) receiving a 
streamed security data packet, selecting channel for processing the streamed security 
data packet and transferring the streamed security data packet to an external memory 
(Baker Column 5 lines 1 4 - 54 and Column 1 0 lines 36 - 63); 

an input DMA engine (306) retrieving portions of the streamed security data 
packet from the external memory after all portions of the streamed security data packet 
have been transferred to the external memory (Baker Column 5 line 36 - Column 7 line 
50 and Column 1 0 line 36 - 63); 

an input FIFO (308) receiving the portions of the streamed security data packet 
from the input DMA engine (306) in blocks of a predetermined byte size, portions being 
retained in a portion of the input FIFO allocated to the selected channel (Baker Column 
8 line 1 1 - Column 9 line 1 5 and Column 1 7 lines 1 1 - 35); 

a context RAM (308) receiving a security association database (SAD) entry 
associated with the selected channel, the SAD entry being retrieved from the external 
memory by the input DMA engine (Baker Column 20 line 24 - 67); and 

an input crypto DMA engine (310) providing the blocks of the security data 
packet processing engine for processing (Baker Column 1 1 lines 1 5 - 27; Column 1 3 
lines 6- 58 and Column 13 line 33 -Column 14 line 10). 

Baker does not explicitly disclose that the data packet is a security data packet. 
However, Krishna discloses an architecture for a cryptography accelerator that allows 
significant performance improvements IPSec processing wherein packets are received 
and processed though DMA (Krishna Column 4 line 34 - Column 6 line 56). Packet 
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processing were well known in the art at the time the invention was made, and its 
implementation, such as detailed by Baker, in conjunction with the teachings of Krishna 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made because if IPSec is processed as taught by Krishna were to be removed, a 
cryptographic DMA would be needed in order to process the IPSec packets. The 
addition of such DMA would add and improve the accelerated processing of IP security 
packets. Therefore it would have been obvious to one of ordinary skill in the art to 
combine the teachings of Krishna and Baker to add flexibility to process IPSec packets 
through DMA to improve the speed of processing. 

Regarding Claim 8, Baker teaches and describes a method for processing 
security data packet comprising: 

receiving a streamed security data packet (Baker Column 5 lines 14-54 and 
Column 10 lines 36-63); 

selecting a channel for processing the streamed security data packet; 
transferring the streamed security data packet an external memory (Baker Column 5 
lines 1 4 - 54 and Column 1 0 lines 36 - 63); 

retrieving portions the streamed security data packet from the external memory 
after all portions of the streamed security data packet have been transferred to the 
external memory (Baker Column 5 line 36 - Column 7 line 50 and Column 10 line 36 - 
63); 
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transferring the portions of the streamed security data packet an input FIFO (308) 
from an input DMA engine (306) in blocks of a predetermined byte size, portions being 
retained portion of the input FIFO allocated to the selected channel (Baker Column 8 
line 1 1 - Column 9 line 1 5 and Column 1 7 lines 1 1 - 35); 

receiving a context RAM (308), a security association database (SAD) entry 
associated with the selected channel, the SAD entry being retrieved from the 
external memory by the input DMA engine (Baker Column 20 line 24 - 67); and 

providing to an input crypto DMA engine (310) the blocks of the security data 
packet a processing engine for processing (Baker Column 1 1 lines 1 5 - 27; Column 1 3 
lines 6-58 and Column 13 line 33 - Column 14 line 10). 

Baker does not explicitly disclose that the data packet is a security data packet. 
However, Krishna discloses an architecture for a cryptography accelerator that allows 
significant performance improvements IPSec processing wherein packets are received 
and processed though DMA (Krishna Column 4 line 34 - Column 6 line 56). Packet 
processing were well known in the art at the time the invention was made, and its 
implementation, such as detailed by Baker, in conjunction with the teachings of Krishna 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made because if IPSec is processed as taught by Krishna were to be removed, a 
cryptographic DMA would be needed in order to process the IPSec packets. The 
addition of such DMA would add and improve the accelerated processing of IP security 
packets. Therefore it would have been obvious to one of ordinary skill in the art to 
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combine the teachings of Krishna and Baker to add flexibility to process IPSec packets 
through DMA to improve the speed of processing. 

Regarding Claim 15, Baker teaches and describes a method of processing an 
IPSec security protocol packet, the IPSec security protocol packet comprising an IPSec 
header, the method comprising: 

buffering an IPSec security protocol packet an external memory; reading portions 
of the buffered IPSec security protocol packet into a first local buffer, the portions having 
a predetermined number of bytes; verifying header information of the IPSec security 
protocol packet (Baker Column 5 lines 14-54 and Column 10 lines 36-63); 

reading a security association database (SAD) entry into the first local buffer; 
processing the IPSec security protocol packet based on information in the SAD entry; 
and storing the processed IPSec security protocol packet in an external memory (Baker 
Column 20 line 24 -67). 

Baker does not explicitly disclose that the data packet is a security data packet. 
However, Krishna discloses an architecture for a cryptography accelerator that allows 
significant performance improvements IPSec processing wherein packets are received 
and processed though DMA (Krishna Column 4 line 34 - Column 6 line 56). Packet 
processing were well known in the art at the time the invention was made, and its 
implementation, such as detailed by Baker, in conjunction with the teachings of Krishna 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made because if IPSec is processed as taught by Krishna were to be removed, a 
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cryptographic DMA would be needed in order to process the IPSec packets. The 
addition of such DMA would add and improve the accelerated processing of IP security 
packets. Therefore it would have been obvious to one of ordinary skill in the art to 
combine the teachings of Krishna and Baker to add flexibility to process IPSec packets 
through DMA to improve the speed of processing. 

Regarding Claim 23, Baker teaches and describes an application specific 
integrated circuit processing IPSec security protocol packets comprising: 

a first streaming interface communicating with a network processor over a 
streaming interface and receiving streamed packet (Baker Column 5 lines 14-54 and 
Column 10 lines 36-63); 

an input buffer storing portions of the streamed packet along with control 
information for the packet (Baker Column 5 lines 1 4 - 54 and Column 1 0 lines 36 - 63); 

a crypto core engine performing IPSec cryptographic operations on the packet 
accordance with the control information (Baker Column 1 1 lines 15-27; Column 13 
lines 6- 58 and Column 13 line 33 - Column 14 line 10); 

an output buffer storing processed portions of the streamed packet (Baker 
Column 1 3 lines 1 - 51 ); and 

a second streaming interface receiving the processed portions of the streamed 
packet from the output buffer and providing the network processor a processed IPSec 
packet over the streaming interface (Baker Column 17 lines 1 1 - 60 and Column 18 
lines 24 -67). 
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Baker does not explicitly disclose that the data packet is a security data packet. 
However, Krishna discloses an architecture for a cryptography accelerator that allows 
significant performance improvements IPSec processing wherein packets are received 
and processed though DMA (Krishna Column 4 line 34 - Column 6 line 56). Packet 
processing were well known in the art at the time the invention was made, and its 
implementation, such as detailed by Baker, in conjunction with the teachings of Krishna 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made because if IPSec is processed as taught by Krishna were to be removed, a 
cryptographic DMA would be needed in order to process the IPSec packets. The 
addition of such DMA would add and improve the accelerated processing of IP security 
packets. Therefore it would have been obvious to one of ordinary skill in the art to 
combine the teachings of Krishna and Baker to add flexibility to process IPSec packets 
through DMA to improve the speed of processing. 

Regarding Claim 26, Baker teaches and describes 26. A method of processing 
data packets for implementing a security protocol, the method comprising: 

receiving at a first streaming interface an IP data packet from a network 
processor, the IP data packet including a security association database (SAD) tag 
prepended thereto; moving at least portions of the IP data packet in a first portion of first 
buffer (Baker Column 5 lines 1 4 - 54 and Column 1 0 lines 36 - 63); 
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reading an SAD entry corresponding to the SAD tag into a second portion of the 
first buffer; prepending control information the IP data packet (Baker Column 20 line 24 
-67); 

processing the IP data packet by performing a cryptographic operation on the IP 
data packet to generate a security protocol data packet; and streaming the security 
protocol data packet from a second streaming interface to the network processor for 
transmission through the network (Baker Column 1 1 lines 1 5 - 27; Column 1 3 lines 6 - 
58; Column 13 line 33- Column 14 line 10 and Column 17 lines 11 -60). 

Baker does not explicitly disclose that the data packet is a security data packet. 
However, Krishna discloses an architecture for a cryptography accelerator that allows 
significant performance improvements IPSec processing wherein packets are received 
and processed though DMA (Krishna Column 4 line 34 - Column 6 line 56). Packet 
processing were well known in the art at the time the invention was made, and its 
implementation, such as detailed by Baker, in conjunction with the teachings of Krishna 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made because if IPSec is processed as taught by Krishna were to be removed, a 
cryptographic DMA would be needed in order to process the IPSec packets. The 
addition of such DMA would add and improve the accelerated processing of IP security 
packets. Therefore it would have been obvious to one of ordinary skill in the art to 
combine the teachings of Krishna and Baker to add flexibility to process IPSec packets 
through DMA to improve the speed of processing. 
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Claims 2 and 9 are rejected applied as above in rejecting Claims 1 and 8. 
Furthermore, Baker discloses a security data packet processing system further 
comprising: 

an output crypto FIFO (320) receiving processed blocks the security packet from 
the processing engine (Baker Column 8 lines 1 8 - 42; Column 1 7 lines 1 1 - 40 and 
Krishna Column 5 line 51 - Column 6 line 14); 

an output DMA engine (322) transferring the processed blocks the security 
packet to an external output memory (158) (Baker Column 7 lines 40 - 65; Column 17 
lines 1 1 - 62 and Krishna Column 5 line 51 - Column 6 line 42); and 

receiving direct memory access (DMA) interface (324) retrieving the processed 
blocks of the security packet from the external output memory (158) after all portions of 
the processed security data packet have been transferred to the external output 
memory (158), and transferring the processed blocks of the security data packet to 
streaming interface for streaming (Baker Column 25 line 39 - Column 26 line 67 and 
Krishna Column 6 lines 24 - 56). 

Claims 4 and 1 1 are rejected applied as above in rejecting Claims 1 and 8. 
Furthermore, Baker discloses a security data packet processing system, wherein the 
context RAM (308) includes a portion storing program state information associated with 
the selected channel (Baker Column 7 lines 13-65). 
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Claims 5 and 12 are rejected applied as above in rejecting Claims 1 and 8. 
Furthermore, Baker discloses a security data packet processing system further 
comprising selecting a least busy channel based amount of buffer space available for a 
channel in the external memory (156), the selecting being performed by the 
transmitting (Tx) DMA interface (314) (Baker Column 12 lines 59 - 67). 

Claims 6 and 13 are rejected applied as above in rejecting Claims 1 and 8. 
Furthermore, Baker discloses a security data packet processing system wherein when 
the security packet is an outbound IPSec security packet and wherein an outer header 
(56) and IPSec header are added to the outbound IPSec security packet when portions 
of the packet are buffered in input FIFO (308) (Krishna Column 6 lines 1 - 39 and 
Column 7 line 63 - Column 8 line 19). 

Claims 7 and 14 are rejected applied as above in rejecting Claims 1 and 8. 
Furthermore, Baker discloses a security data packet processing system wherein when 
the security packet is an inbound IPSec security packet and wherein an outer header 
(66) and IPSec header (65) are removed from the outbound IPSec security packet prior 
to portions the packet being buffered in input FIFO (308) (Krishna Column 5 line 51 - 
Column 6 line 11 and Column 7 line 63 - Column 8 line 1 1 ). 

Claims 3 and 10 are rejected applied as above in rejecting Claims 2 and 9. 
Furthermore, Baker discloses a security data packet processing system further 
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comprising storing length information for each of a plurality of processed security data 
packets in one of a plurality of registers of the receiving (Rx) DMA interface (324), and 
wherein the receiving (Rx) DMA interface (324) performs the retrieving in response to 
the storing of the length information for an associated processed security data packet 
(Krishna Column 6 lines 24 - 42). 

Claims 16 and 27 are rejected applied as above in rejecting Claims 15 and 26. 
Furthermore, Baker discloses a security data packet processing further comprising 
parsing the IPSec header to retrieve a pointer comprising to the SAD entry (Baker 
Column 11 lines 15-27; Column 13 lines 6 - 58; Column 13 line 33 - Column 14 line 
10; Column 20 line 24 - 67 and Krishna Column 4 line 34 - Column 6 line 56). 

Claim 17 is rejected applied as above in rejecting Claim15. Furthermore, Baker 
discloses a security data packet processing wherein prior to the processing step, the 
method includes prepending control information to the IPSec security protocol packet 
based on information the SAD entry, the control information for use in the processing 
step (Baker Column 1 1 lines 1 5 - 27; Column 1 3 lines 6 - 58; Column 1 3 line 33 - 
Column 14 line 10; Column 20 line 24 - 67 and Krishna Column 4 line 34 - Column 6 
line 56). 
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Claim 18 is rejected applied as above in rejecting Claim 15. Furthermore, Baker 
discloses a security data packet processing wherein the processing step includes 
performing cryptographic operation on the IPSec security protocol packet, the 
cryptographic operation comprising either a decryption function or an authentication 
function when the IPSec security protocol packet is an inbound packet, and an 
encryption operation when the IPSec security protocol packet an outbound packet 
(Krishna Column 5 line 26 - Column 6 line 14). 

Claims 19, 24, 25 and 30 are rejected applied as above in rejecting Claims 15 
and 23. Furthermore, Baker discloses a security data packet processing further 
comprising selecting a least busy channel of a plurality of channels for processing the 
IPSec security protocol packet, and wherein the external memory has a portion 
associated with least busy channel (Baker Column 12 lines 59 - 67). 

Claim 20 is rejected applied as above in rejecting Claim 15. Furthermore, Baker 
discloses a security data packet processing wherein after the processing step, the 
method includes buffering the processed IPSec security protocol packet a buffer 
allocated to the channel selected for the packet (Baker Column 17 lines 1 1 - 60 and 
Column 18 lines 25-67). 

Claim 21 is rejected applied as above in rejecting Claim 15. Furthermore, Baker 
discloses a security data packet processing further comprising performing a security 
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policy cheek on the processed IPSec security protocol packet, security policy check 
comprising verifying that an IP source address is within a range of addresses identified 
by the SAD entry (Baker Column 8 lines 1 8 - 65 and Column 26 line 63 - Column 27 
line 44). 

Claim 22 is rejected applied as above in rejecting Claim 15. Furthermore, Baker 
discloses a security data packet processing further comprising performing an anti-replay 
check on the processed IPSec security protocol packet, and updating a current byte 
count and anti-replay fields of the SAD entry (Baker Column 25 line 58 - Column 26 line 
19). 

Claim 28 is rejected applied as above in rejecting Claim 27. Furthermore, Baker 
discloses a security data packet processing wherein the security protocol is an IPSec 
protocol, and wherein the security header is an IPSec header, and wherein the 
security protocol data packet is formatted in accordance with an IPSec security protocol 
(Krishna Column 5 lines 51 - 67). 

Claim 29 is rejected applied as above in rejecting Claim 26. Furthermore, Baker 
discloses a security data packet processing wherein the cryptographic operation 
comprises either an encryption or authentication cryptographic operation, and wherein 
the method further comprising storing at least portions of the security protocol data 
packet in a second buffer (Krishna Column 5 lines 51 - 67). 
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Claim 31 is rejected applied as above in rejecting Claim 26. Furthermore, Baker 
discloses a security data packet processing further comprising, prior to the reading, 
obtaining a semaphore for the SAD entry to prevent modification of data within the SAD 
entry by other channels (Baker Column 26 line 20 - Column 27 line 44). 

Claim 32 is rejected applied as above in rejecting Claim 31. Furthermore, Baker 
discloses a security data packet processing further comprising, subsequent to the 
reading, updating a byte count and sequence number in the SAD entry (Baker Column 
25 line 39 - Column 27 line 27). 

Claim 33 is rejected applied as above in rejecting Claim 26. Furthermore, Baker 
discloses a security data packet processing wherein the storing comprises buffering the 
portions of the security protocol data packet, the portions comprising a predetermined 
number of bytes (Baker Column 8 line 1 1 - Column 9 line 1 5 and Column 1 7 lines 1 1 - 
35). 

Claim 34 is rejected applied as above in rejecting Claim 26. Furthermore, Baker 
discloses a security data packet processing wherein the control information identifies an 
algorithm and key for the cryptographic operation to apply to the IP data packet (Krishna 
Column 5 line 51 - Column 6 line 14 and Column 7 line 13 - Column 8 line 35). 
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Claim 35 is rejected applied as above in rejecting Claim 26. Furthermore, Baker 
discloses a security data packet processing further comprises checking a path 
maximum transmission unit (PMTU) value of the IP data packet including the security 
header and the outer IP header as prepended to the data packet to determine when the 
PMTU value exceeds a PMTU value for a tunnel through which the security protocol 
data packet destined (Baker Column 1 1 lines 1 5 - 27; Column 1 3 lines 6 - 58; Column 
13 line 33- Column 14 line 10 and Column 17 lines 11 -60). 

Claim 36 is rejected applied as above in rejecting Claim 26. Furthermore, Baker 
discloses a security data packet processing wherein the processing is performed by a 
crypto engine and wherein subsequent to the processing, the method further comprises 

prepending status information to the security protocol data packet, the status 
information being generated by the processing and identifying when the crypto engine 
detects an error (Baker Column 1 1 lines 1 5 - 27; Column 1 3 lines 6 - 58; Column 1 3 
line 33 - Column 1.4 line 1 0 and Column 1 7 lines 1 1 - 60). 

Claim 37 is rejected applied as above in rejecting Claim 26. Furthermore, Baker 
discloses a security data packet processing wherein the streaming performed when all 
portions of the security protocol data packet are stored second buffer (Krishna Column 
5 lines 51 -67). 
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Conclusion 

7. THIS ACTION IS MADE FINAL Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

8. Applicant is urged to consider the references. However, the references should be 
evaluated by what they suggest to one versed in the art, rather than by their specific 
disclosure. If applicants are aware of any better prior art than those are cited, they are 
required to bring the prior art to the attention of the examiner. 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 571- 
272-3866. The examiner can normally be reached on 8:00a. m: To 5:00p.m.. If attempts 
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to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ayaz 
Sheikh can be reached on 571-232-3795. Any inquiry of a general nature or relating to 
the status of this application or proceeding should be directed to the receptionist whose 
telephone number is 703-305-3900. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). 



Pramila Parthasarathy 
July 13, 2005. 




